Commit Graph

10484 Commits

Author SHA1 Message Date
djm@openbsd.org a8265bd64c upstream: openssh-8.3; ok deraadt@
OpenBSD-Commit-ID: c8831ec88b9c750f5816aed9051031fb535d22c1
2020-05-07 15:39:00 +10:00
djm@openbsd.org 955854cafc upstream: another case where a utimes() failure could make scp send
a desynchronising error; reminded by Aymeric Vincent ok deraadt markus

OpenBSD-Commit-ID: 2ea611d34d8ff6d703a7a8bf858aa5dbfbfa7381
2020-05-07 15:39:00 +10:00
Darren Tucker 59d531553f Check if -D_REENTRANT is needed for localtime_r.
On at least HP-UX 11.11, the localtime_r declaration is behind
ifdef _REENTRANT.  Check for and add if needed.
2020-05-07 15:39:00 +10:00
Darren Tucker c13403e55d Skip security key tests if ENABLE_SK not set. 2020-05-05 11:32:43 +10:00
djm@openbsd.org 4da393f87c upstream: sure enough, some of the test data that we thought were in
new format were actually in the old format; fix from Michael Forney

OpenBSD-Regress-ID: a41a5c43a61b0f0b1691994dbf16dfb88e8af933
2020-05-04 18:42:13 +10:00
djm@openbsd.org 15bfafc1db upstream: make mktestdata.sh generate old/new format keys that we
expect. This script was written before OpenSSH switched to new-format private
keys by default and was never updated to the change (until now) From Michael
Forney

OpenBSD-Regress-ID: 38cf354715c96852e5b71c2393fb6e7ad28b7ca7
2020-05-04 18:42:13 +10:00
djm@openbsd.org 7882d2eda6 upstream: portability fix for sed that always emits a newline even
if the input does not contain one; from Michael Forney

OpenBSD-Regress-ID: 9190c3ddf0d2562ccc02c4a95fce0e392196bfc7
2020-05-04 18:42:13 +10:00
djm@openbsd.org 8074f9499e upstream: remove obsolete RSA1 test keys; spotted by Michael Forney
OpenBSD-Regress-ID: 6384ba889594e217d166908ed8253718ab0866da
2020-05-04 18:42:13 +10:00
Darren Tucker c697e46c31 Update .depend. 2020-05-02 18:34:47 +10:00
Darren Tucker 83657eac42 Remove use of tail for 'make depend'.
Not every tail supports +N and we can do without it so just remove it.
Prompted by mforney at mforney.org.
2020-05-02 18:29:40 +10:00
djm@openbsd.org d25d630d24 upstream: we have a sshkey_save_public() function to save public keys;
use it and save a bunch of redundant code.

Patch from loic AT venez.fr; ok markus@ djm@

OpenBSD-Commit-ID: f93e030a0ebcd0fd9054ab30db501ec63454ea5f
2020-05-02 17:36:39 +10:00
Darren Tucker e9dc986372 Use LONG_LONG_MAX and friends if available.
If we don't have LLONG_{MIN,MAX} but do have LONG_LONG_{MIN,MAX}
then use those instead.  We do calculate these values in configure,
but it turns out that at least one compiler (old HP ANSI C) can't
parse "-9223372036854775808LL" without mangling it. (It can parse
"-9223372036854775807LL" which is presumably why its limits.h defines
LONG_LONG_MIN as the latter minus 1.)

Fixes rekey test when compiled with the aforementioned compiler.
2020-05-01 18:41:40 +10:00
djm@openbsd.org aad87b88fc upstream: when receiving a file in sink(), be careful to send at
most a single error response after the file has been opened. Otherwise the
source() and sink() can become desynchronised. Reported by Daniel Goujot,
Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache.

ok deraadt@ markus@

OpenBSD-Commit-ID: 6c14d233c97349cb811a8f7921ded3ae7d9e0035
2020-05-01 16:40:11 +10:00
djm@openbsd.org 31909696c4 upstream: expose vasnmprintf(); ok (as part of other commit) markus
deraadt

OpenBSD-Commit-ID: 2e80cea441c599631a870fd40307d2ade5a7f9b5
2020-05-01 16:40:11 +10:00
djm@openbsd.org 99ce9cefbe upstream: avoid NULL dereference when attempting to convert invalid
ssh.com private keys using "ssh-keygen -i"; spotted by Michael Forney

OpenBSD-Commit-ID: 2e56e6d26973967d11d13f56ea67145f435bf298
2020-05-01 16:40:11 +10:00
Darren Tucker 6c6072ba8b See if SA_RESTART signals will interrupt select().
On some platforms (at least older HP-UXes such as 11.11, possibly others)
setting SA_RESTART on signal handlers will cause it to not interrupt
select(), at least for calls that do not specify a timeout.  Try to
detect this and if found, don't use SA_RESTART.

POSIX says "If SA_RESTART has been set for the interrupting signal, it
is implementation-dependent whether select() restarts or returns with
[EINTR]" so this behaviour is within spec.
2020-05-01 15:09:26 +10:00
Damien Miller 90a0b434ed fix reversed test 2020-05-01 13:55:03 +10:00
Damien Miller c0dfd18dd1 wrap sha2.h inclusion in #ifdef HAVE_SHA2_H 2020-05-01 13:29:16 +10:00
djm@openbsd.org a01817a9f6 upstream: adapt dummy FIDO middleware to API change; ok markus@
OpenBSD-Regress-ID: 8bb84ee500c2eaa5616044314dd0247709a1790f
2020-05-01 13:13:36 +10:00
jmc@openbsd.org 261571ddf0 upstream: tweak previous; ok markus
OpenBSD-Commit-ID: 41895450ce2294ec44a5713134491cc31f0c09fd
2020-05-01 13:13:29 +10:00
markus@openbsd.org 5de21c82e1 upstream: bring back debug() removed in rev 1.74; noted by pradeep
kumar

OpenBSD-Commit-ID: 8d134d22ab25979078a3b48d058557d49c402e65
2020-05-01 13:13:29 +10:00
markus@openbsd.org ea14103ce9 upstream: run the 2nd ssh with BatchMode for scp -3
OpenBSD-Commit-ID: 77994fc8c7ca02d88e6d0d06d0f0fe842a935748
2020-05-01 13:13:29 +10:00
djm@openbsd.org 59d2de956e upstream: when signing a challenge using a FIDO token, perform the
hashing in the middleware layer rather than in ssh code. This allows
middlewares that call APIs that perform the hashing implicitly (including
Microsoft's AFAIK). ok markus@

OpenBSD-Commit-ID: c9fc8630aba26c75d5016884932f08a5a237f37d
2020-05-01 13:13:29 +10:00
dtucker@openbsd.org c9d10dbc0c upstream: Fix comment typo. Patch from mforney at mforney.org.
OpenBSD-Commit-ID: 3565f056003707a5e678e60e03f7a3efd0464a2b
2020-05-01 13:13:28 +10:00
dtucker@openbsd.org 4d2c87b4d1 upstream: We've standardized on memset over bzero, replace a couple
that had slipped in.  ok deraadt markus djm.

OpenBSD-Commit-ID: f5be055554ee93e6cc66b0053b590bef3728dbd6
2020-05-01 13:13:28 +10:00
Darren Tucker 7f23f42123 Include sys/byteorder.h for htons and friends.
These are usually in netinet/in.h but on HP-UX they are not defined if
_XOPEN_SOURCE_EXTENDED is set.  Only needed for netcat in the regression
tests.
2020-05-01 12:51:36 +10:00
Darren Tucker d27cba58c9 Fix conditional for openssl-based chacha20.
Fixes warnings or link errors when building against older OpenSSLs.
ok djm
2020-05-01 09:21:52 +10:00
Darren Tucker 20819b962d Error out if given RDomain if unsupported.
If the config contained 'RDomain %D' on a platform that did not support
it, the error would not be detected until runtime resulting in a broken
sshd.  Detect this earlier and error out if found.  bz#3126, based on a
patch from jjelen at redhat.com, tweaks and ok djm@
2020-04-24 15:11:14 +10:00
dtucker@openbsd.org 2c1690115a upstream: Fix incorrect error message for "too many known hosts files."
bz#3149, patch from jjelen at redhat.com.

OpenBSD-Commit-ID: e0fcb07ed5cf7fd54ce340471a747c24454235e5
2020-04-24 14:57:52 +10:00
dtucker@openbsd.org 3beb7276e7 upstream: Remove leave_non_blocking() which is now dead code
because nothing sets in_non_blocking_mode any more. Patch from
michaael.meeks at collabora.com, ok djm@

OpenBSD-Commit-ID: c403cefe97a5a99eca816e19cc849cdf926bd09c
2020-04-24 12:58:13 +10:00
jmc@openbsd.org 8654e35617 upstream: ce examples of "Ar arg Ar arg" with "Ar arg arg" and
stop the spread;

OpenBSD-Commit-ID: af0e952ea0f5e2019c2ce953ed1796eca47f0705
2020-04-24 12:57:50 +10:00
Darren Tucker 67697e4a82 Update .depend. 2020-04-24 11:10:18 +10:00
Darren Tucker d6cc761762 Mailing list is now closed to non-subscribers.
While there, add a reference to the bugzilla.  ok djm@
2020-04-22 14:07:00 +10:00
Darren Tucker cecde6a416 Put the values from env vars back.
This merges the values from the recently removed environment into make's
command line arguments since we actually need those.
2020-04-22 12:09:40 +10:00
Darren Tucker 300c4322b9 Pass configure's egrep through to test-exec.sh.
Use it to create a wrapper function to call it from tests.  Fixes the
keygen-comment test on platforms with impoverished default egrep (eg
Solaris).
2020-04-22 11:35:49 +10:00
Darren Tucker c8d9796cfe Remove unneeded env vars from t-exec invocation. 2020-04-22 11:35:49 +10:00
dtucker@openbsd.org 01d4cdcd45 upstream: Backslash '$' at the end of string. Prevents warning on
some shells.

OpenBSD-Regress-ID: 5dc27ab624c09d34078fd326b10e38c1ce9c741f
2020-04-22 11:35:49 +10:00
Darren Tucker 8854724cce Sync rev 1.49.
Prevent infinite for loop since i went from ssize_t to size_t.  Patch from
eagleoflqj via OpenSSH github PR#178, ok djm@, feedback & ok millert@
2020-04-21 18:28:19 +10:00
djm@openbsd.org d00d07b674 upstream: regression test for printing of private key fingerprints and
key comments, mostly by loic AT venez.fr (slightly tweaked for portability)
ok dtucker@

OpenBSD-Regress-ID: 8dc6c4feaf4fe58b6d634cd89afac9a13fd19004
2020-04-20 14:47:26 +10:00
djm@openbsd.org a98d5ba31e upstream: fix a bug I introduced in r1.406: when printing private key
fingerprint of old-format key, key comments were not being displayed. Spotted
by loic AT venez.fr, ok dtucker

OpenBSD-Commit-ID: 2d98e4f9eb168eea733d17e141e1ead9fe26e533
2020-04-20 14:46:40 +10:00
djm@openbsd.org 32f2d0aad4 upstream: repair private key fingerprint printing to also print
comment after regression caused by my recent pubkey loading refactor.
Reported by loic AT venez.fr, ok dtucker@

OpenBSD-Commit-ID: f8db49acbee6a6ccb2a4259135693b3cceedb89e
2020-04-17 17:17:48 +10:00
djm@openbsd.org 094dd513f4 upstream: refactor out some duplicate private key loading code;
based on patch from loic AT venez.fr, ok dtucker@

OpenBSD-Commit-ID: 5eff2476b0d8d0614924c55e350fb7bb9c84f45e
2020-04-17 17:17:47 +10:00
jmc@openbsd.org 4e04f46f24 upstream: add space between macro arg and punctuation;
OpenBSD-Commit-ID: c93a6cbb4bf9468fc4c13e64bc1fd4efee201a44
2020-04-17 17:17:47 +10:00
djm@openbsd.org 44ae009a01 upstream: auth2-pubkey r1.89 changed the order of operations to
checking AuthorizedKeysFile first and falling back to AuthorizedKeysCommand
if no key was found in a file. Document this order here; bz3134

OpenBSD-Commit-ID: afce0872cbfcfc1d4910ad7722e50f792a1dce12
2020-04-17 17:17:47 +10:00
Damien Miller f96f17f920 sys/sysctl.h is only used on OpenBSD
so change the preprocessor test used to include it to check
__OpenBSD__, matching the code that uses the symbols it declares.
2020-04-17 14:07:15 +10:00
djm@openbsd.org 54688e937a upstream: fix reversed test that caused IdentitiesOnly=yes to not
apply to keys loaded from a PKCS11Provider; bz3141, ok dtucker@

OpenBSD-Commit-ID: e3dd6424b94685671fe84c9b9dbe352fb659f677
2020-04-17 14:03:36 +10:00
djm@openbsd.org 267cbc87b5 upstream: mention that /etc/hosts.equiv and /etc/shosts.equiv are
not considered for HostbasedAuthentication when the target user is root;
bz3148

OpenBSD-Commit-ID: fe4c1256929e53f23af17068fbef47852f4bd752
2020-04-17 14:03:36 +10:00
djm@openbsd.org c90f72d29e upstream: make IgnoreRhosts a tri-state option: "yes" ignore
rhosts/shosts, "no" allow rhosts/shosts or (new) "shosts-only" to allow
.shosts files but not .rhosts. ok dtucker@

OpenBSD-Commit-ID: d08d6930ed06377a80cf53923c1955e9589342e9
2020-04-17 14:03:36 +10:00
djm@openbsd.org 321c714707 upstream: allow the IgnoreRhosts directive to appear anywhere in a
sshd_config, not just before any Match blocks; bz3148, ok dtucker@

OpenBSD-Commit-ID: e042467d703bce640b1f42c5d1a62bf3825736e8
2020-04-17 14:03:36 +10:00
jmc@openbsd.org ca5403b085 upstream: add space between macro arg and punctuation;
OpenBSD-Commit-ID: e579e4d95eef13059c30931ea1f09ed8296b819c
2020-04-17 14:03:16 +10:00